GDPR
General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a European Union regulation that establishes a new framework for the processing and protection of personal data of EU-based residents. It is the most comprehensive European data privacy law in decades and comes into force on 25 May 2018.
As well as strengthening and standardising user data privacy across all EU countries, the regulation imposes new or additional obligations on all organisations that process the personal data of EU citizens, regardless of where they are located.
The principles of the GDPR
The GDPR provides a framework for the processing of personal data (your “personal data”) relating to any identifiable natural person (the “Data Subject”). As a Data Subject, you have extensive rights, whether you are identified directly or indirectly through the context of interaction in which your information was captured.
Your rights under the GDPR
Consent
Under the GDPR, you consent to an organisation (the “controller”) processing your personal data. Controllers must obtain your consent before they can process your data.
Special categories of data
Unless specifically authorised, the GDPR prohibits the processing of certain special categories of personal data known as “sensitive data” such as race, ethnicity, political and religious beliefs, sexual orientation, genetic and biometric data. EverReady.ai does not acquire or process any personal data in these categories.
Access Rights
If you have consented to a data controller processing your personal data, then you may request the following:
– Access to a copy of the personal data being processed.
– The purpose(s) of the personal data processing.
In particular, whether automated decision-making or profiling is taking place, and if so, the logic involved, the extent and likely consequences of such processing.
– The categories of data processed (e.g. name, address, online browsing behaviour).
– Any third party recipients of such personal data, upstream or downstream, in particular recipients in third countries (i.e. countries outside the EU).
– Any third party source of the data subject’s personal data (i.e. not collected directly from the data subject, e.g. by purchasing such data from another source that has previously collected the data directly).
– How long the personal data will be retained, or if this is not determinable, how the length of that period will be determined.
– The rectification of personal data.
– Limitation of the processing of personal data.
– Objection to the processing of personal data.
– The right to rectify personal data.
As a data subject, you have the right to have any errors or inaccuracies in personal data corrected. Your data controller must comply with these requests without undue delay.
Right to erasure
In certain situations, you have the right to have your personal data erased. In this case, the controller must delete your personal data and confirm the deletion via a notification sent to you.
Right to data portability
You have the right to have the personal data you have provided to the data controller exported and transmitted to you in a structured format.
Notification of breaches
In the event of a personal data breach that may pose a high risk to the privacy of Data Subjects, EverReady will promptly inform them of:
the nature of the breach ;
the likely consequences of the breach; and
the contact details of the person to be contacted (DPO or other);
the measures taken to remedy the breach and, if necessary, to limit the negative consequences of the breach.
EverReady.ai’s commitment to protecting your personal data
EverReady.ai is committed to partnering with its customers and users to ensure that EverReady.ai is fully compliant with the requirements of the GDPR. EverReady.ai recognises your rights under the GDPR and will ensure that these rights are honoured, and that your Personal Data is protected. EverReady.ai’s product and security teams are working diligently to bring EverReady.ai’s product offerings and contractual commitments into compliance with the RGPD for our customers, prospects, users and others who interact with EverReady.ai.
Measures to achieve this include:
– Additional investments in our security infrastructure
– Support and maintenance of our Privacy Shield self-certification
– New clarity on procedures for consent, data portability and privacy preference enquiries.
We are committed to RGPD compliance provided by privacy-related regulators, and will adjust our plans accordingly if there are any changes. We will provide you with regular updates along the way so that you are always up to date.
Our security infrastructure and certifications
Protecting our customers’ information and the privacy of their users is extremely important to us. As a cloud-based company entrusted with some of our customers’ most valuable data, we have set high standards for security.
If you would like to learn more about EverReady.ai’s security policies and procedures, please visit our security page.
International Data Transfers: Privacy Shield and Contractual Terms
In addition, we offer European Union standard clauses, also known as standard contractual clauses, to meet the adequacy and security requirements of our customers operating in the EU.
EverReady.ai as a data controller vs. data processor
Your personal data may come within the scope of EverReady.ai’s processing in a number of ways. Depending on how your personal data is processed, who has control of the data and who is responsible for protecting and administering your rights, EverReady.ai may be described as either a controller or a processor. This section describes EverReady.ai’s role as a controller and processor, and explains how you can interact with EverReady.ai in either role.
EverReady.ai’s role as a data controller
When you interact with EverReady.ai via its marketing outreach and sales development programs as a website visitor, webinar participant, or asset downloader, EverReady.ai is the controller from the perspective of the GDPR. In these cases, EverReady.ai is responsible for obtaining your consent and providing means to exercise your personal data rights.
Personal data
Personal Data that you submit when you register, such as your name, email address, phone number and address.
Any other Personal Data that EverReady.ai obtains from sources to which you have already given your consent. EverReady.ai may use data from these sources for identification and data enrichment. For example, if you have only provided EverReady.ai with your email address and company name, EverReady.ai may use another service to identify your company phone number or title, provided that this information was submitted by you to the third party service.
Consent
When you interact with web forms and similar registration pages on the EverReady.ai website (or partners with whom we collaborate), we will ask you for explicit consent before you submit your Personal Data.
When sales development representatives contact you and you provide us with information, you consent to our use of the information we have obtained from you.
EverReady.ai also ensures that any additional data it obtains from third party services is obtained by that third party after obtaining your consent.
If you have previously given EverReady.ai consent to collect your personal data, you may choose to withdraw that consent at a later time. Please send an email request to gdpr@EverReady.ai and we will implement the request, and provide confirmation of the withdrawal of your consent by a reply email to your email address. The confirmation email will also tell you the consequences of withdrawing your consent.
Privacy preferences
During your registration process, we may offer certain preferences that control the privacy of your data. In addition, some registration processes may offer the submission of certain data as optional items. You may choose not to provide optional data, but if you do, EverReady.ai will track your submissions. In addition, EverReady.ai will respect your choices and ensure that these preferences and optional data are part of the data you access through requests based on the GDPR framework.
Transfer to a Third Party
EverReady.ai does not sell your personal data to other third party organisations. EverReady.ai also does not transfer the rights to your personal data to any other party and does not use the data other than for the original purpose of processing. Any transfer to a third party is solely for the purpose of processing the data and EverReady.ai has secured agreements with downstream processors to protect personal data and enforce RGPD data rights for you.
Our use of your data
In the event that data has been transferred to a third party.
To request this data, please contact gdpr@EverReady.ai and we will respond within 72 hours of your request.
Data erasure, accuracy and portability
You may submit a request via gdpr@EverReady.ai to delete all data about you. EverReady.ai will comply with this request, but will use your email to send a confirmation notice that we have completed the requested action.
You may submit a request via gdpr@EverReady.ai to update the personal data we hold about you. EverReady.ai will do this and use your email address to send a confirmation notice that we have completed the requested action. If a change of email address has been requested, EverReady.ai will send confirmation to both the old and new addresses.
You may also submit a request via gdpr@EverReady.ai to request an export of all your data for data portability. EverReady.ai will provide this information via a CSV or JSON file. Such a report will include meta-data such as the date particular data was added, any updates to the data, etc. – i.e. an audit trail of the data.
Data Breach Notification
We will notify you if your Personal Data has been compromised via a breach using any coordinated methods we have for you, within 72 hours. This includes any breach that has been caused by a data controller that EverReady.ai has authorised to process your data.
Filing Complaints
EverReady.ai has put in place industry-leading processes to provide you with rights to your personal data in accordance with the GDPR guidelines. In the event that you are not satisfied with our resolution of your requests, you have the right to file a complaint. Please submit a request via gdpr@EverReady.ai to file a complaint. You also have the right to file a similar complaint with a supervisory authority in the jurisdiction in which you are located and to request appropriate remedies.
Notification of data breaches
In the event of a data breach, EverReady.ai, as a data processor is required to notify your employer/organisation that there has been a data breach. Your organization will then inform you of the breach, its impact and possible remedies. EverReady.ai will not notify you directly.
Data Erasure, Accuracy and Portability
To request the export, erasure or update of personal data held by EverReady.ai, please send a request to gdpr@EverReady.ai. We will forward your request to your employer/organisation, who will then initiate a request to EverReady.ai to complete the request. As EverReady.ai’s role is solely that of a data controller, EverReady.ai will not be able to perform these actions directly.
Filing a complaint
To make a complaint about personal data processed by EverReady.ai, use your employer’s or organisation’s complaint portal/form (the Data Controller). EverReady.ai will assist the data controller in processing the complaint, but will not take any action until and unless such action is authorized by the data controller.
List of Processors
EverReady.ai, as data controller, has engaged the services of the following sub-processors. Some or all of your personal data may be transferred to them. All such transfers are governed by master service agreements and GDPR agreements (via the Data Processing Addendum) which set out the scope of processing as well as the legal basis for such processing. EverReady.ai requires its processors to carry out the specified processing solely for the purpose of providing the services that are part of the agreement. To learn more about our subcontractors’ GDPR initiatives, please visit the web pages listed here.
Amazon Web Services, Inc.
Google Firebase
Mailchimp
EverReady.ai will inform your GDPR and/or administrative contact if we add new subcontractors to the above list.